mirror of
https://github.com/golang/go
synced 2024-11-15 03:00:36 -07:00
net/http: also log TLS errors which look like HTTP sent to an HTTPS port
We log TLS handshake errors in general, but currently do not log errors when the first TLS record looks like an attempt to send HTTP to an HTTPS port. There doesn't seem to be any principled reason to log the one and not the other, so just log all TLS handshake errors. Fixes #66501 Change-Id: I5d78a754d054c220be935513448515721fa387a6 Reviewed-on: https://go-review.googlesource.com/c/go/+/573979 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Jonathan Amsterdam <jba@google.com> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Auto-Submit: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This commit is contained in:
parent
13a1f39ade
commit
15b2f69aa9
@ -1922,12 +1922,15 @@ func (c *conn) serve(ctx context.Context) {
|
||||
// If the handshake failed due to the client not speaking
|
||||
// TLS, assume they're speaking plaintext HTTP and write a
|
||||
// 400 response on the TLS conn's underlying net.Conn.
|
||||
var reason string
|
||||
if re, ok := err.(tls.RecordHeaderError); ok && re.Conn != nil && tlsRecordHeaderLooksLikeHTTP(re.RecordHeader) {
|
||||
io.WriteString(re.Conn, "HTTP/1.0 400 Bad Request\r\n\r\nClient sent an HTTP request to an HTTPS server.\n")
|
||||
re.Conn.Close()
|
||||
return
|
||||
reason = "client sent an HTTP requset to an HTTPS server"
|
||||
} else {
|
||||
reason = err.Error()
|
||||
}
|
||||
c.server.logf("http: TLS handshake error from %s: %v", c.rwc.RemoteAddr(), err)
|
||||
c.server.logf("http: TLS handshake error from %s: %v", c.rwc.RemoteAddr(), reason)
|
||||
return
|
||||
}
|
||||
// Restore Conn-level deadlines.
|
||||
|
Loading…
Reference in New Issue
Block a user